OpenShift Bugs / OCPBUGS-50626

External DNS not working properly in STS AWS GovCloud


      Description of problem:

      External DNS works fine in an AWS Gov cluster, but it has issues in an STS cluster.
      When we create the External DNS, even though we are able to create it, we get a WebIdentityErr error:
      
      time="2025-02-12T11:18:40Z" level=error msg="Failed to do run once: soft error\nrecords retrieval failed: soft error\nfailed to list hosted zones: WebIdentityErr: failed to retrieve credentials\ncaused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity\n\tstatus code: 403, request id: 311bd17f-c0ef-465a-8de4-b227dcdb0d0a"

      Version-Release number of selected component (if applicable):

          

      How reproducible:

         100%    

      Steps to Reproduce:

      1. Build and deploy ExtDNS in AWS STS gov region
      2. Check the logs of extdns operand pod.
      

      Actual results:

          time="2025-02-12T11:18:40Z" level=error msg="Failed to do run once: soft error\nrecords retrieval failed: soft error\nfailed to list hosted zones: WebIdentityErr: failed to retrieve credentials\ncaused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity\n\tstatus code: 403, request id: 311bd17f-c0ef-465a-8de4-b227dcdb0d0a"

      Expected results:

          "All records are already up to date"

      Additional info:

          During the regression run in prowci the error was 
      
      STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: d67801b0-52fd-45b2-b2ba-cdeefd5f220e, api error InvalidClientTokenId: The security token included in the request is invalid.
      
      https://reportportal-openshift.apps.ocp-c1.prod.psi.redhat.com/ui/#prow/launches/all/656980/95205674/95206206/log?item1Params=filter.eq.hasStats%3Dtrue%26filter.eq.hasChildren%3Dfalse%26filter.in.type%3DSTEP%26filter.in.status%3DFAILED%252CINTERRUPTED

              nid-team-bot NID Team Bot
              rhn-support-mjoseph Melvin Joseph